httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: [Preannounce] APR 1.4.4 vulnerability corrected
Date Fri, 20 May 2011 17:04:33 GMT
On 5/20/2011 1:44 AM, Rainer Jung wrote:
> On 19.05.2011 18:59, Jeff Trawick wrote:
>> On Thu, May 19, 2011 at 12:40 PM, William A. Rowe Jr.
>> <wrowe@rowe-clan.net> wrote:
>>> Does anyone see an issue with this going out right now?
>> apr-util 1.3.11: A fix to LDAP support in apr-util 1.3.11 could cause
>> crashes with httpd's mod_authnz_ldap in some situations.
> 
> This is of concern for any user of apr_ldap_rebind_init(). For httpd it
> is only relevant for 2.3.x. Previous versions do not use this function.

So it isn't an issue for announce-2.2, but could be mentioned by
Jim for announce-2.3-beta - thanks Rainer!

Mime
View raw message